
      Forensics

      Intro to Computer Forensic for beginners

      • Posted by Abdolsabor Malik
      • Date March 8, 2019

      In the past, robbers used to rob a bank by physically breaking into the building and getting away with the money. This would bring in law enforcement agencies, along with a team of forensic experts to find clues and connect the dots at the site of the incident. In today's world of the Internet of Everything, these old-school robbers have turned into cybercriminals. Cybercriminals carry out criminal acts such as data breaches, identity theft, Denial of Service attacks, ransom and phishing attacks, all using digital devices. This led to the evolution of forensics into digital forensics.

      Cybercrime is growing exponentially, according to the latest statistics on data breaches and many other incidents, and it keeps adding new dimensions to incidents. This is where the digital forensics expert comes in: to investigate digital devices related to crimes. This article will provide you with a basic understanding of forensic analysis and give you a practical glimpse of a typical day in the life of a forensics expert.

      Playing digital detective involves gathering information from a device related to a crime. This is the first step in forensic analysis. The device could be a compromised system, laptop or server related to the crime scene. To capture its current state, the volatile data of the suspect system is the first thing to collect. The information stored in RAM is very useful in a forensic investigation, and it is, in fact, the first acquisition to make. There are many tools available to forensic analysts for capturing the current state of a machine. We will proceed with FTK Imager in this tutorial.

      FTK Imager

      A very handy tool that is often used to take a snapshot of a system that is subject to forensic analysis. FTK is an open source tool that is available in Lite and full versions. It is good practice for the forensic analyst to access the suspect machine with the Lite version stored on a USB drive and then use it to acquire a bitstream copy of the system, which gathers all the data bit by bit from a hard disk.

      Demo

      You can get the download file from the site listed under Resources below. Proceed with the installation if you want to install it on your system. Make sure you download it on a virtual machine isolated as a suspect machine.

      To generate some data in memory, you can perform different tasks on the VM, such as creating a Word file or searching Google for something. Alternatively, search for some credit card info so that the VM poses as a malicious computer holding sensitive data.

      Now start FTK Imager and capture the memory as shown below:

      You will get a .mem file as the snapshot image of your suspect machine. Assign a suitable name to it and then open the image. By going through the memory, you can search for various items present in it. It will contain the secret data that you recently loaded into memory, as shown in the figure below.

       

      Well done. You have now learned to create a forensic image of RAM, which is a crucial forensic task.
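
The search step described above can also be scripted. The following is an added example, not part of the original article and not FTK Imager's own code: a Python script that computes a SHA-256 of the acquired image for the case record and reports the byte offsets of keywords in both UTF-8 and UTF-16LE. The function names, keywords and sample bytes are constructed for illustration.

```python
import hashlib, os, tempfile

def scan_image(path, keywords, chunk_size=1 << 20):
    """Hash a raw memory image and locate keywords in it.

    Returns (sha256_hex, hits), hits being sorted (offset, encoding, keyword).
    """
    # Windows keeps many strings in memory as UTF-16LE, so search both forms.
    needles = [(kw.encode(enc), enc, kw)
               for kw in keywords for enc in ("utf-8", "utf-16-le")]
    overlap = max(len(n) for n, _, _ in needles) - 1
    digest, hits = hashlib.sha256(), set()
    tail, base = b"", 0          # base = file offset of buf[0]
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            digest.update(chunk)     # the hash covers every byte exactly once
            buf = tail + chunk       # carried tail catches hits that straddle chunks
            for needle, enc, kw in needles:
                pos = buf.find(needle)
                while pos != -1:
                    hits.add((base + pos, enc, kw))   # set removes repeat finds
                    pos = buf.find(needle, pos + 1)
            tail = buf[-overlap:] if overlap else b""
            base += len(buf) - len(tail)
    return digest.hexdigest(), sorted(hits)

def demo(chunk_size=12):
    """Run the scan over a small constructed image (not real FTK Imager output)."""
    data = (b"\x00" * 10 + b"card=4111111111111111" + b"\xff" * 7
            + "secret-note".encode("utf-16-le") + b"\x00" * 5)
    fd, path = tempfile.mkstemp(suffix=".mem")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        sha, hits = scan_image(path, ["card=", "secret-note"], chunk_size)
    finally:
        os.remove(path)
    return data, sha, hits

if __name__ == "__main__":
    _, sha, hits = demo()
    print("SHA-256:", sha)
    for offset, enc, kw in hits:
        print(f"0x{offset:08x}  {enc:9}  {kw}")
```

Record the hash at acquisition time and run any later analysis on a copy of the image, re-hashing the copy to confirm it still matches.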

       

       

      Resources:

      FTK Imager: https://marketing.accessdata.com/ftk-imager-3.4.3-download

      Tag:forensics, FTK image

      Abdolsabor Malik

      Electrical and Telecom Engineer. Interested in ICT Tech learning and Future technologies. Possess a penchant for Linux, IoT, CyberSecurity and Data Networking.

        4 Comments

      1. j001
        April 6, 2019

        I need this real bad. I wish I’d known about this website sooner. I have been hacked by my ex-boyfriend for 3 years now. Although the activity has slowed down now, or so I think, I can tell that he still hacks me. I have many, many devices that he’s shut down. iPhones, iPads, droids, 2 laptops. He’s relentless. Not only am I interested in taking courses, but I absolutely need the help to rid my devices and my future of this monster.

        • Abdolsabor Malik
          April 9, 2019

          It's a good step to get aware of your digital identity.
          That's the only way to maximize our security in cyberspace.
          While cybercrime helplines are also helpful.

      2. jeffrive
        July 8, 2019

        Your next step will have to be using Autopsy to investigate the image further.
        https://www.sleuthkit.org/autopsy/
        Works on Linux and Windows, is built into Kali.
        I find the Windows GUI easier to work with for large images

      3. Ciberfete
        October 27, 2020

        Great article Malik, thanks for sharing.
